This law isn’t just for websites; it extends to social media, email marketing, apps and company databases.

A lot of what Google has done with its products allows for their users to easily comply with the anonymizing of data and removing of such data from Google’s servers. They have an extensive website detailing everything they are doing on their end to ensure compliance with the law and protect user privacy.

On May 25th, Google will activate a new feature called The Google Analytics Data Retention controls. The feature gives website owners the ability to set the amount of time before user-level and event-level data stored by Google Analytics is automatically deleted from Analytics’ servers. What this means is that the website owner can choose how long Google Analytics retains data before automatically deleting it.

14 months

26 months

38 months

50 months

Do not automatically expire

When data reaches the end of the retention period, it is deleted automatically on a monthly basis.

The email that Google Analytics sent out to its users was basically an email telling users to set their controls.

However, this is only one piece of GDPR. In order to comply with the law, websites, apps and marketers will need to do the following:

You must obtain end-users consent to use cookies on your website or app.

When seeking consent, you must save user-consent and give users a way of revoking consent.

Websites and apps need to have a defined cookies policy in clear, simple language disclosing their use of cookies. This policy needs to be presented to the user, when they receive the cookies notice.

If your website or app advertises online using Ad Networks like Google Adwords you must disclose this to the users in the cookies policy and how you use the data collected.

If your website uses affiliate marketing or shares information with third-parties this must be disclosed as well as how the information is used.

If you have an email newsletter or email marketing campaign everyone on your list must opt-in and be told how you plan to use their data.

So why should you care about GDPR?

It is about privacy protection and data breach protection.

Companies who do not comply will be subjected to serious fines (millions or billions of dollars).

Asian Countries as well as other countries outside of the European Union are enacting similar legislation.

Since the whole Cambridge Analytics and Facebook scandal has occurred many people are pushing to have similar legislation enacted in the US.

Google, Facebook and other websites are starting to make changes to their policies in order to comply with GDPR.

This is so overwhelming what do I do next?

If you are doing business within the European Union, it is important that you take an audit of your website to determine how your website is capturing user data.

Remove any un-necessary data collection products.

Have your IT person implement a cookies policy and way of capturing consent. Google has a website dedicated to cookies policy information https://www.cookiechoices.org

Make sure your email list is double-opt-in.

Make sure your readers can unsubscribe with ease (which you should be doing anyways to comply with spam laws).

If you have any questions regarding the use of cookies on your website or GDPR, please don’t hesitate to call us at 425.243.4176 or email us at help@tinystarscreative.com